Because we can no longer use the IBM WebSphere plugin in IHS for IBM Domino webservers, I decided to use Apache and its reverse proxy configuration to load balance the Domino servers and (finally) configure session affinity for some of my applications.

Link to the statement that this is unsupported: http://www-01.ibm.com/support/docview.wss?uid=swg21988633

Link to the supported technote on how to install the WebSphere plugin for use with Domino: http://www-01.ibm.com/support/docview.wss?uid=swg21104930

It is all very confusing.

So, this is how it’s set up:

  • Frontend webserver: CentOS 7.x.x with Apache 2.4.x listening on port 80 and 443
  • Backend webserver: IBM Domino 9.0.1.x on Linux listening on port 8181
  • Directory structure:
    • Main configuration
      /etc/httpd/conf/httpd.conf
      Added extra lines:

      • Listen 80
      • NameVirtualHost *:80
      • NameVirtualHost *:443
      • IncludeOptional websites.d/*.conf      (where I put my website configurations)
    • Customizations
      /etc/httpd/conf.d/ssl.conf
      I totally commented out the <VirtualHost> section. I use one for every single website.
    • Balancer configuration as a shared configfile
      /etc/httpd/custom/balancer.conf
      This configuration file is used in every website configuration and is included inside every <VirtualHost>. It contains the following configuration:

      Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
      <Proxy "balancer://webcluster">
       BalancerMember "http://10.100.100.11:8181" route=Domino1
       BalancerMember "http://10.100.100.12:8181" route=Domino2
       ProxySet stickysession=ROUTEID
      </Proxy>
      ProxyPreserveHost On
      ProxyPass /server-status !
      ProxyPass "/" "balancer://webcluster" stickysession=ROUTEID
      ProxyPassReverse "/" "balancer://webcluster"
    • SSL configuration including all patches
      /etc/httpd/ssl/options-ssl-apache.conf

      SSLEngine on
      
      # Intermediate configuration, tweak to your needs
      SSLProtocol all -SSLv2 -SSLv3
      SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
      SSLHonorCipherOrder on
      SSLOptions +StrictRequire
      
      # Always ensure Cookies have "Secure" set (JAH 2012/1)
      Header edit Set-Cookie (?i)^(.*)(;\s*secure)??((\s*;)?(.*)) "$1; Secure$3$4"
    • Website configuration
      /etc/httpd/websites.d/websiteangioni.conf      (example)
      This file contains the entire configuration for my website and its clustered IBM Domino webservers, with HTTP-to-HTTPS rewrite and session affinity.

      <VirtualHost *:80>
       DocumentRoot /var/www/html/error
       ServerName www.angioni.nl
       ServerAlias *.angioni.nl
       CustomLog "| /usr/sbin/rotatelogs -l /logs/angioni/%Y-%m-%d.access.log 86400" combined
       ErrorLog "| /usr/sbin/rotatelogs -l /logs/angioni/%Y-%m-%d.error.log 86400"
       RewriteEngine on
       LogLevel alert rewrite:trace2 alias:debug
      
       RewriteCond %{HTTPS} off
       RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
      
      </VirtualHost>
      
      <IfModule mod_ssl.c>
       <VirtualHost *:443>
        Include /etc/httpd/custom/*.conf

        ServerName www.angioni.nl
        ServerAlias *.angioni.nl
        CustomLog "| /usr/sbin/rotatelogs -l /logs/angioni/%Y-%m-%d.access.log 86400" combined
        ErrorLog "| /usr/sbin/rotatelogs -l /logs/angioni/%Y-%m-%d.error.log 86400"

        SSLCertificateFile /etc/httpd/ssl/__angioni_nl_ee.crt
        SSLCertificateKeyFile /etc/httpd/ssl/angioni.key
        SSLCertificateChainFile /etc/httpd/ssl/digicert.crt

        Include /etc/httpd/ssl/options-ssl-apache.conf

        <Location /server-status>
         SetHandler server-status
         Order deny,allow
         Deny from all
         Allow from <my own ipaddress>
         Allow from 127.0.0.1
        </Location>
       </VirtualHost>
      </IfModule>
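
An added example, not part of the original post: a Python model of the cookie round trip that balancer.conf and options-ssl-apache.conf produce together, including what the `Header edit` regex does to a cookie that already carries `Secure`. It assumes Python's `re` treats these patterns the way Apache's PCRE does; the function names, the `AppSession` sample cookie and the `GUARDED_EDIT` pattern are constructed for illustration.

```python
import re

# Constructed model of balancer.conf and options-ssl-apache.conf; names are hypothetical.
MEMBERS = {"Domino1": "http://10.100.100.11:8181",
           "Domino2": "http://10.100.100.12:8181"}

# Regex and replacement from the page's "Header edit Set-Cookie" line ($n -> \n).
PAGE_EDIT = (re.compile(r"(?i)^(.*)(;\s*secure)??((\s*;)?(.*))"), r"\1; Secure\3\4")
# Assumed alternative (not from the page): match only when no Secure attribute exists.
GUARDED_EDIT = (re.compile(r"(?i)^((?!.*;\s*secure\s*(?:;|$)).*)$"), r"\1; Secure")


def route_cookie(route):
    """Set-Cookie value the 'Header add' line emits when the route changes."""
    return f"ROUTEID=.{route}; path=/"


def header_edit(set_cookie, edit=PAGE_EDIT):
    """Apply one edit to one Set-Cookie value; only the first match is replaced."""
    pattern, replacement = edit
    return pattern.sub(replacement, set_cookie, count=1)


def sticky_member(cookie_header):
    """Pick the backend the way stickysession=ROUTEID does: the route is the
    text after the first '.' in the cookie value. None means no usable route,
    so the balancer would fall back to its normal scheduling."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "ROUTEID" and "." in value:
            return MEMBERS.get(value.split(".", 1)[1])
    return None


if __name__ == "__main__":
    issued = header_edit(route_cookie("Domino2"))
    print("to browser  :", issued)
    print("routed to   :", sticky_member(issued.split(";", 1)[0]))
    backend = "AppSession=abc123; path=/; Secure; HttpOnly"  # constructed sample
    print("page regex  :", header_edit(backend))
    print("guarded     :", header_edit(backend, GUARDED_EDIT))
```

With the page's pattern the greedy first group swallows an existing `Secure`, so the attribute is appended a second time; the guarded pattern leaves such a cookie untouched.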


By angioni
